Nortel Contivity VPN Client Local Password Disclosure Weakness
BID:12871
Info
| Bugtraq ID: | 12871 |
| Class: | Design Error |
| CVE: | CVE-2005-0844 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 22 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this issue is credited to Roy Hills <[email protected]>. |
| Vulnerable: | Nortel Networks Contivity VPN Client 5.0 1_030 |
| Not Vulnerable: | |
Discussion
Nortel Contivity VPN Client for Microsoft Windows platforms is reported prone to a local pre-shared key (password) disclosure weakness. It is reported that the VPN user and group passwords are stored in the memory image of the process in plain-text format.
Credentials that are harvested through the exploitation of this weakness may then be used to aid in further attacks.
This weakness is reported to affect Nortel Contivity VPN Client version 5.01 for Microsoft Windows; versions for the Linux platform are not reported to be vulnerable. Other versions might also be affected.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
Nortel Networks has released security advisory 2005005619 acknowledging this issue. Please see the referenced advisory for further information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Contivity VPN Client Homepage (Nortel Networks)
- Nortel VPN Client Issue: Clear-text password stored in memory (Roy Hills)